Implement CAPTCHA for challenge deployment endpoint.
Resolves #18
Implementation Details
The implementation works as follows
User completes re-captcha checkbox
Token representing this completion is sent in deployment request
This token is assessed by the Google API
If invalid, then return 498 (Invalid token) error to client
Display error appropriately
Notes
introduces two new fields to config.yml:
recaptcha_site_key
recaptcha_secret
These can be found under recaptcha on the Google Cloud Console (or you can just dm me)
Right now they are under the LACTF Project (let me know if we need to change this)
Note: the site key only works for sites hosted on domains under the allowed domains
if you want to test locally, you can temporarily disable domain verification (or create a new key without it if you're secure)
My implementation utilizes recaptcha v2 (the checkbox) and googles legacy assessment API on the backend.
I chose these as they are by far the simplest
Upgrading to recaptcha v3 on the frontend is simple but I was under the impression that we wanted the checkbox. Let me know if we want v3 instead.
Regarding the backend, As far as I can tell we don't need any of the features introduced by the new assessment API (and the syntax is needlessly complex), so I would say the legacy API is our best bet unless someone has strong feelings against it.
Implement CAPTCHA for challenge deployment endpoint.
Resolves #18
Implementation Details
The implementation works as follows
Notes
introduces two new fields to
config.yml:recaptcha_site_keyrecaptcha_secretMy implementation utilizes recaptcha v2 (the checkbox) and googles legacy assessment API on the backend.